Hosts: Block the bullshit web V2

Advertisements, tracking scripts and other countless lines of code downloaded on to your machine to spam and monitor you whenever you connect to the internet.

Host is a project to block advertisements, tracking scripts and other websites including pornographic content using this host file.


We will use Pi-Hole as our DNS resolver which will be tunneled via OpenVPN. Both the applications will be hosted on Oracle Cloud.

Thanks to r/pihole community for their love and support.

Step-by-step guide

Caution: We will enable the root access for convenience, which is strongly discouraged. If you are familiar with SSH, then I recommend you to use that approach. Proceed with caution.


Instructions:

  1. Only change configuration mentioned here, leave the rest as untouched/recommended/system default.

  2. This guide is written from Windows OS perspective.

  3. If you are a Linux user, you would be familiar with setting up a VM and accessing files.

  4. If you are a Mac user, use FileZilla as an alternative for WinSCP.


  1. Create an account with Oracle Cloud free tier: https://www.oracle.com/cloud/free

  2. Setup a VM instance

    1. Switch the OS from Oracle Linux to Ubuntu

    2. Upload your own public key (this key can be generated via PuTTY)

    3. Note down Public IP and Private IP

  3. Log in to Shell and switch to root: sudo su - root

  4. Change root password: passwd root

[Note: The common practice is not to do this. Here the use case is Security VS Convenience, where this approach is convenient but may be risky to permit remote access via root. This is used later in step 15]

  1. Install and configure OpenVPN server using following script: https://github.com/angristan/openvpn-install

  2. Select Port: 1194

  3. Create a default client after installation and download it [Step 25]

  4. Install and configure Pi-Hole: https://github.com/pi-hole/pi-hole/#one-step-automated-install

  5. Select interface: tun0

  6. Change the Pi-Hole password: sudo pihole -a -p

  7. Install nano text editor (or your favourite alternative): sudo apt install nano -y

  8. Edit the SSH config file: sudo nano /etc/ssh/sshd_config

  9. Change following entries

    1. PasswordAuthentication no > PasswordAuthentication yes

    2. PermitRootLogin prohibit-password > PermitRootLogin yes

[Note: As mentioned earlier, do this at your own risk - this allows you to easily connect to VM and grab any file from anywhere but this may pose a security risk]

  1. Restart sshd: sudo systemctl restart sshd

  2. Login to WinSCP

    1. Host: <Public IP>

    2. Username: root

    3. Password: <root password set in step 4>

  3. Navigate to: /etc/openvpn/server.conf

  4. Change push "dhcp-option DNS <pihole private ip goes here>"

  5. Search Internet on Oracle web GUI

  6. Navigate to > Internet Gateway vcn-XXXXXXXX-XXXX

  7. Left column > Navigate to > Security Lists

  8. Navigate to > Default Security List for vcn-XXXXXXXX-XXXX

  9. Add Ingress Rules

    1. Source CIDR: 0.0.0.0/0

    2. IP Protocol: UDP

    3. Destination Port Range: 1194 [Step 6]

  10. Restart the VM from the Console

  11. To add/revoke OpenVPN client certificates [Execute this via root, for which follow step 3]: ./openvpn-install.sh

  12. After creating a new client certificate, to download the certificate

    1. scp ubuntu@<public IP>:/root/CLIENT.ovpn C:\Users\<username>\Desktop [If you encounter permission denied error then try second option]

    2. Login to WinSCP [Refer step 15] and navigate to /root and download the client certificates to local

  13. Load the client certificate in OpenVPN app on your device, connect to the VPN and enjoy [OpenVPN client for your device: https://openvpn.net/vpn-client]

  14. Access Pi-Hole web interface/dashboard [You can configure one or most host files. Refer Steven Black's Github repository for more]

    1. Connect to OpenVPN [Client certificate as per step 24]

    2. Open browser and navigate to: https://<private ip>/admin/index.php [Password as per step 10]

  15. Use following commands for periodic updates

    1. Ubuntu: apt update && apt upgrade && apt dist-upgrade

    2. OpenVPN: apt update && apt upgrade

    3. Pi-Hole: pihole -up

    4. Pi-Hole Gravity (adblock lists): pihole -g

    5. Restart after update: reboot


Performance stats

Credits